Physical Security Assessment

Overview

In today’s environment, analysis of the physical security of facilities and properties is a critical aspect of an organization’s information security and business continuity planning. Foundstone addresses this requirement with a team of skilled experts who are able to blend their experience and expertise to focus on the critical aspects of physical security that impact an organization’s computing environment.

Foundstone’s physical security reviews are performed and analyzed in the context of your organization’s overall risk management strategy. The criticality of assets within the environment and the perceived threat environment directly affect the level of exposure classified as acceptable. By analyzing the combined factors of assets, threats, and exposure, Foundstone’s physical security review provides much more than a list of actionable security recommendations. We prioritize exposures and make recommendations that align physical security with your overall risk management strategy. This holistic view enables you to protect the right assets with the right level of security.

Key Benefits

Uncover the most critical vulnerabilities: Foundstone focuses on the highest-risk aspects of physical security that impact an organization’s computing environment.

Get complete analysis: Foundstone analyzes assets, threats, and exposures to provide a list of actionable security recommendations.

Secure next step recommendations: Our deliverables include a Physical Security Assessment Technical Report, an Executive Summary, and a half-day workshop with a Physical Security Assessment Presentation.

Methodology

During an onsite assessment, our consultants perform physical inspections of facilities and operations. Foundstone begins each physical security review by gaining an understanding of the resources being protected and the perceived threat environment. Through interviews and limited reviews of local policies and procedures covering physical security operations, Foundstone gains an understanding of the level of protection desired and needed in a given location. Armed with this understanding, Foundstone conducts the review of the facility. Key areas assessed include:

Facility security
  - Entry points
  - Data center
  - User and sensitive environments
  - Access control and monitoring devices
  - Guard personnel
  - Wiring closets

Internal company personnel
  - Control and accountability
  - Use of equipment
  - Security procedure compliance
  - Awareness
  - Use of break areas and entry points

External visitor and contractor personnel
  - Control and accountability
  - Use of equipment
  - Security procedure compliance
  - Use of break areas and entry points

Computer systems and equipment
  - Workstations
  - Servers
  - Backup media
  - PDAs
  - Modems and physical access points (visual ID only)

Sensitive information and data
  - Control
  - Storage
  - Destruction

Foundstone does not conduct sweeps of the electronic spectrum to identify and isolate covert listening or transmission devices. We have relationships with several highly reputable firms that can provide this specialized service, if requested.

We can expand on our overt assessment process through the use of covert red-team assessment techniques. These efforts include tactics such as social engineering, pretext entry, security systems bypass, device or Trojan planting, long-range surveillance, and other methods.